[CERT-daily] Daily summary - 27.05.2020

Daily end-of-shift report team at cert.at
Wed May 27 18:15:08 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 26-05-2020 18:00 − Wednesday 27-05-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Netgear routers: update process insecure, vendor silent ∗∗∗
---------------------------------------------
The firmware updater of some Netgear routers, such as the Nighthawk R7000, is apparently insecure. This was discovered by the IoT Lab of the University of Applied Sciences Upper Austria (FH Oberösterreich). Whether and how the vendor will react to the problem is, however, completely unclear; the vendor has remained silent for weeks.
---------------------------------------------
https://heise.de/-4766025


∗∗∗ Micropatch Available for User-Mode Power Service Memory Corruption (CVE-2020-1015) ∗∗∗
---------------------------------------------
Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1015, a memory corruption vulnerability in User-Mode Power Service that could allow a local attacker to execute arbitrary code as Local System. This vulnerability was patched by Microsoft with April 2020 Updates, but Windows 7 and Server 2008 R2 users without Extended Security Updates remained vulnerable.
---------------------------------------------
https://blog.0patch.com/2020/05/micropatch-available-for-user-mode.html


∗∗∗ Caution with private sales: fraud involving shipping companies is booming! ∗∗∗
---------------------------------------------
Going through supposed shipping companies is a popular scam in private sales. Expensive goods advertised on classifieds portals in particular attract fraudsters. The supposed buyers explain that they are abroad and that the purchase should therefore be handled through a shipping company. Caution is called for here, because the victims are asked to transfer the money for the shipping company. However, the company does
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-privatverkauf-betrug-mit-speditionen-boomt/


∗∗∗ New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD ∗∗∗
---------------------------------------------
Eighteen of the 26 bugs impact Linux. Eleven have been patched already.
---------------------------------------------
https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird).
---------------------------------------------
https://lwn.net/Articles/821530/


∗∗∗ BOSCH-SA-363824-BT ∗∗∗
---------------------------------------------
Multiple Vulnerabilities in Bosch Recording Station (BRS)
---------------------------------------------
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-363824-bt_cve-2017-0144_cve-2019-0708_cve-2020-6774_security_advisory_brs.pdf


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-02-smartphone-en


∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-mtk-en


∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-dos-en


∗∗∗ Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-wifi-en


∗∗∗ Security Advisory - Stack Buffer Overflow Vulnerability in Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-stack-en


∗∗∗ Security Advisory - Information Disclosure Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-smartphone-en


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-03-smartphone-en


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-04-smartphone-en


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-05-smartphone-en


∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by cross-site scripting (CVE-2020-4358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-cross-site-scripting-cve-2020-4358/


∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-cryptographic-algorithm-cve-2020-4350/


∗∗∗ Security Bulletin: User Credentials submitted using GET method ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-user-credentials-submitted-using-get-method/


∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-7238) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tieringcve-2020-7238-2/


∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4349/


∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4379) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4379/


∗∗∗ Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-spectrum-scale-transparent-cloud-tiering-cve-2019-20445-cve-2019-20444/


∗∗∗ Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-verbose-error-message-cve-2020-4357/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 – January 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-virtualization-engine-ts7700-january-2020/


∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-7238) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tieringcve-2020-7238/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



